Vulnerability Details : CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Vulnerability category: Input validation
Products affected by CVE-2017-18248
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Threat overview for CVE-2017-18248
- Top open port discovered on systems with this issue: 631
- IPs affected by CVE-2017-18248: 118,435
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-18248
- EPSS score: 1.59% (probability of exploitation activity in the next 30 days)
- Percentile: ~87% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2017-18248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P | 6.8 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 | NIST | |
CWE ids for CVE-2017-18248
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18248
- https://github.com/apple/cups/issues/5143
  Remote DoS attack against cupsd via invalid username and malicious D-Bus library · Issue #5143 · apple/cups · GitHub (Exploit; Third Party Advisory)
- https://github.com/apple/cups/releases/tag/v2.2.6
  Release v2.2.6 · apple/cups · GitHub (Third Party Advisory)
- https://security.cucumberlinux.com/security/details.php?id=346
  CLD-346 Details (Exploit; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
  [SECURITY] [DLA 1412-1] cups security update
- https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
  DBUS notifications could crash the scheduler (Issue #5143) · apple/cups@49fa498 · GitHub (Patch; Third Party Advisory)
- https://usn.ubuntu.com/3713-1/
  USN-3713-1: CUPS vulnerabilities | Ubuntu security notices
- https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html
  [SECURITY] [DLA 1387-1] cups security update